SEC’s New Cybersecurity Rules Now in Effect
New cybersecurity rules from the US Securities and Exchange Commission (SEC) went into effect on December 15, 2023, reports Todd Ehret.
The rules “introduce mandatory cyber-incident reporting requirements for all US-listed companies.”
These rules represent a significant shift in disclosure requirements, as “disclosures must be filed within four business days after a company determines that it has experienced a material cyber-incident,” Ehret says.
Companies also must “ensure that best practices are in place across the enterprise to prevent cyberattacks and ensure that a proper response plan is in place that effectively stops or quickly remediates real threats when attacked,” he notes.
Read more at Thomson-Reuters.
12/20/2023
Related content
-
Understanding Cybersecurity Maturity Model Certification
United States Cybersecurity Maturity Model Certification will be required by mid-2023 to handle controlled unclassified information and win federal contracts, but it can also help minimize business risk and keep information out of the hands of adversaries. -
News for Admins
In the news: US Agencies Issue Quantum-Readiness Recommendations; Bitwarden Secrets Manager; IBM X-Force Releases Detection and Response Framework for Managed File Transfers; National Strategy to Expand US Cyber Workforce; SEC Adopts New Rules for Disclosure of Cybersecurity Incidents; Canonical Announces Real-Time Ubuntu for Intel Core; EU-US Data Privacy Framework Ensures Safe Data Transfers; IEEE Releases New Standard for LiFi Communications; EU Health Sector Security Risks; and JupyterLab 4.0.
- Prepare Now for New Cybersecurity Regulations
- Cybersecurity Apprenticeship Initiative Announced
-
Security and automation with SBOMs
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities.